Cyber Incident Victim: South Washington County School District
Date: Jan 2017
Location: United States of America
Summary
A high school student breached the South Washington County school district's server, accessing names, Social Security numbers, and some addresses, with data for over 15,000 individuals downloaded to an external drive. Of these, files for 478 people were opened, though forensic analysis and a sworn statement from the student indicated no personal data was shared, copied, or misused. The district, collaborating with law enforcement, implemented enhanced security measures including migrating personal files to an encrypted server with two-factor authentication. Identity theft monitoring and guidance were offered to the 478 affected individuals. The incident occurred amid broader regional cybersecurity concerns, including a separate phishing scam targeting another school district’s employees.
Description
In early January 2017, a high school student within South Washington County School District successfully hacked into the district's server and downloaded personally identifiable information, including names, Social Security numbers, and some addresses. The student transferred the data to an external hard drive before the breach was discovered. District officials, including Superintendent Keith Jacobus, disclosed the incident in a February 2017 letter to staff, confirming that files containing data for over 15,000 individuals were compromised during the unauthorized access. Forensic analysis determined that the student specifically opened files belonging to 478 people. The unidentified student provided a sworn statement asserting no personal data had been shared, copied, or misused, which was corroborated by preliminary digital evidence reviewed by Technology Director Bob Berkowitz. The district initiated an investigation with law enforcement assistance while simultaneously implementing enhanced security protocols.

The breach affected current and former staff members across the district's schools in Cottage Grove, St. Paul Park, Newport, and Woodbury. In response, the district began migrating all personal data to an encrypted server protected by two-factor authentication to prevent similar incidents. Superintendent Jacobus publicly acknowledged the violation of trust and expressed regret about the security failure. As a remedial measure, the district offered complimentary identity theft monitoring services exclusively to the 478 individuals whose files were confirmed accessed, along with educational materials on identity theft protection. No evidence suggested broader dissemination or malicious use of the stolen data beyond the initial download and limited file access by the student perpetrator. District spokeswoman Barbara Brown provided specific figures regarding the scope of compromised records while maintaining the confidentiality of the involved student's identity throughout the investigation.
